Your message dated Thu, 18 Jul 2013 17:18:59 +0000 with message-id <e1uzrr1-00075i...@franck.debian.org> and subject line Bug#715007: fixed in mongodb 1:2.4.5-1 has caused the Debian Bug report #715007, regarding mongodb: CVE-2013-4650 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 715007: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715007 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: mongodb Severity: grave Tags: security Justification: user security hole This has been assigned CVE-2013-4650 (http://www.mongodb.org/about/alerts/): https://jira.mongodb.org/browse/SERVER-9983 Fix: https://github.com/mongodb/mongo/commit/23344f8b7506df694f66999693ee3c00dfd6afae Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: mongodb Source-Version: 1:2.4.5-1 We believe that the bug you reported is fixed in the latest version of mongodb, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 715...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Antonin Kral <a.k...@sh.cvut.cz> (supplier of updated mongodb package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Wed, 17 Jul 2013 16:23:43 +0200 Source: mongodb Binary: mongodb mongodb-server mongodb-clients mongodb-dev Architecture: source amd64 Version: 1:2.4.5-1 Distribution: unstable Urgency: critical Maintainer: Antonin Kral <a.k...@sh.cvut.cz> Changed-By: Antonin Kral <a.k...@sh.cvut.cz> Description: mongodb - object/document-oriented database (metapackage) mongodb-clients - object/document-oriented database (client apps) mongodb-dev - object/document-oriented database (development) mongodb-server - object/document-oriented database (server package) Closes: 710639 715007 715015 717173 Changes: mongodb (1:2.4.5-1) unstable; urgency=critical . * new upstream release https://jira.mongodb.org/browse/SERVER/fixforversion/12519 * CVE-2013-4650 - fix allows remote authenticated users to obtain internal system privileges (Closes: #715007). * CVE-2013-2132 and CVE-2013-4142 - Remotely triggered segmentation fault in Javascript engine (Closes: #717173). * Force use of TIME_UTC_ boost macro (Closes: #710639). * Use gcc and g++ 4.7 to avoid #701324 which is still pending. * Remove build directory (Closes: #715015). * Currently uses embedded V8 as the one in Debian is too old. Checksums-Sha1: 58dabf7a89ac31d14fefbc7d3812920be3574107 1728 mongodb_2.4.5-1.dsc b0b38acb4a170bd4c666087f4aa0a0146e5aeb99 10951980 mongodb_2.4.5.orig.tar.gz 95eadabd1cc9aac10f781bc57423c71509c7748e 54989 mongodb_2.4.5-1.debian.tar.gz d267c6ab7acadc4721dc66bddd54bb8113a1e9f7 11948 mongodb_2.4.5-1_amd64.deb 339daf8c3c741ba1456af2de641ca693e9373f8a 9901134 mongodb-server_2.4.5-1_amd64.deb 9c435e469e1d7191b57fe427794953cdb23fbbb5 64548124 mongodb-clients_2.4.5-1_amd64.deb a30a74a9a1186f136f197fa838a5ffdab2b86a63 1690970 mongodb-dev_2.4.5-1_amd64.deb Checksums-Sha256: 7586b534f7e384ddf798bf6b2b856e57cd72e013659622ca1798789426a92d12 1728 mongodb_2.4.5-1.dsc 7dcded507737ff595e4dbc04e266cf318d81122d6c24c85c159ab0cabf560913 10951980 mongodb_2.4.5.orig.tar.gz 8ff1f7de52492843412b7b8f5e310ee2c278090a7154f79c453afe3ca257f8c0 54989 mongodb_2.4.5-1.debian.tar.gz 19444976072a6207654f5138e61cadf67ca0043b2fe70d8e33d095e15d45dc0f 11948 mongodb_2.4.5-1_amd64.deb 425125da8239ef0f6e1280f4dee0d81b6b93c8a8b1fce46748e9f12be1c2af8c 9901134 mongodb-server_2.4.5-1_amd64.deb 2d584e1fd70f5989286e53617fd2f079e93e57b1f1b3d9b7d3c99b05bde9c696 64548124 mongodb-clients_2.4.5-1_amd64.deb ec2aeba0d4b34eca3d931692eacd5c0a262738099355b2d1de81c4de87e97c72 1690970 mongodb-dev_2.4.5-1_amd64.deb Files: d2d9d1e609a4c05a8cf7a6ea68df85bc 1728 database extra mongodb_2.4.5-1.dsc d98382df51af35b4e0e9b6082525ecc1 10951980 database extra mongodb_2.4.5.orig.tar.gz 8d2b4eaf7049460f8a953a7b6d32e8b5 54989 database extra mongodb_2.4.5-1.debian.tar.gz 39a8f727370c07aec3acc4f066f2dd32 11948 database extra mongodb_2.4.5-1_amd64.deb 0bfa4c25b627a6cdfaa0b4824d67f456 9901134 database extra mongodb-server_2.4.5-1_amd64.deb f0c9e9ef0f7c5701b588f440affcca6f 64548124 database extra mongodb-clients_2.4.5-1_amd64.deb f069c21c1cf774752daddb08b74fce31 1690970 libdevel extra mongodb-dev_2.4.5-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlHoHaUACgkQluuhBRvyMFq97gCgmEvEPwvXiOFuruCttkL/h00v N0UAnjY7+jMUn2mfgA+mH3VyASFpSiJz =p248 -----END PGP SIGNATURE-----
--- End Message ---
